corporate governance of ict charter - bitou.gov.za
Policy Title: Corporate Governance of ICT Charter
Status: Draft policy workshopped on the 22nd March 2018. Submitted to Council for approval and
adoption per Item C/2/96/06/18 on the 29 June 2018.
FY 2018/2019
Corporate Governance of ICT Charter
Document ID ICT01 (Version 1, dated 29 April 2018)
Last Approval (N/A)
June 2018
FY 2018/2019
TABLE OF CONTENTS
GLOSSARY
1. Purpose of Charter
2. Introduction
3. Legislation
3.1. External Inputs
3.2. Legislation
4. Scope
5. Key Elements
5.1. King Principles
5.2. COBIT Key Elements
6. Objectives of Charter
7. Structures, Functions, Roles and Responsibilities
7.1. Structures
7.1.1. High Level Structure
7.1.2. Other Structures
7.1.3. The Municipal Council
7.1.4. The Municipal Manager
7.1.5. Municipal ICT Steering Committee
7.1.6. Municipal Risk Committee
7.1.7. ICT Audit Committee
7.1.8. Management
7.1.9. Established Policies and Plans
7.2. Functions, Roles and Responsibilities
7.3. Members
8. Framework Policies and Guidelines
9. Evaluation and Review
GLOSSARY
AG Auditor-General of South Africa
CIO Chief Information Officer
CGICTPF Corporate Governance of ICT Policy Framework
DPSA Department of Public Service and Administration
DCOG Department of Cooperative Governance
ICT Information and Communications Technology
ISO/IEC International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC)
ISO/IEC 38500 International Standard on Corporate Governance of ICT (ISO/IEC WD 38500: 2008: 1)
ITGI™ ICT Governance Institute
King III The King III Report and Code on Governance for South Africa
MICTGP Municipal ICT Governance Policy
M&E Monitoring and Evaluation
PSCGICTPF Public Service Corporate ICT Governance Policy Framework
SALGA South African Local Government Association
SDBIP Service Delivery and Budget Implementation Plan
CORPORATE GOVERNANCE OF ICT CHARTER
1. Purpose of Charter
The purpose of this Charter document is twofold; firstly, it will guide the creation and
maintenance of effective enabling governance structures, processes and practices as dictated
by the Municipal Corporate Governance of ICT Policy.
Secondly, the Charter also clarifies the governance of ICT-related roles and responsibilities
towards achieving the municipality’s strategic goals. In order to achieve this, various best
practices, standards and legislation are used.
2. Introduction
The Charter depicts how the Municipal Corporate Governance of ICT Policy will be
implemented and describes the related structures, processes, functions, accountability, roles
and responsibilities, delegations and reporting responsibilities. This Charter has been
customised to accommodate Bitou Municipality’s unique operating environment, whilst
ensuring the principles of the Municipal Corporate Governance of ICT Policy are maintained.
In order to understand the Charter and its supported elements, Figure 1 will be used for
reference.
Figure 1: Supporting Elements of Charter
From Figure 1 it is clear that two main levels exist. Firstly, the Legislative Level comprises the
Municipal Corporate Governance of ICT Policy, referred to as “A” in Figure 1. This is a
legislative document from the Department of Cooperative Governance and Traditional Affairs
containing requirements that local government must adhere to.
Secondly, Figure 1 shows the Local Government Level. This level comprises multiple
elements, which are further divided into sub-levels.
The first sub-level is the Executive sub-level, which contains the Charter, referred to as “B” in
Figure 1. This Charter receives various inputs from “A” but also flows into the next sub-level.
The second sub-level is the Tactical sub-level which receives input from “A” and contains
Corporate Governance of ICT Policy. This element will provide guidance and input for the third
element, the ICT Strategy Plan, referred to as “D” in Figure 1.
The third sub-level contains the implementation of the combined elements and is called the
Operational sub-level. Within this sub-level, the Implementation of Plan, referred to as “D” in
Figure 1, is housed and receives input from both “C” and “B” in the Tactical sub-level.
All these elements together address the Corporate Governance of ICT in Bitou Municipality.
[Figure 1 labels. Levels: A, Legislative Level; Local Government Level, divided into B, Executive Sub Level; C, Tactical Level; D, Operational Level. Elements: Municipality Corporate Governance of ICT Policy (MCGICTP); Corporate governance of ICT for Bitou Municipality; Charter; ICT Plan; ICT Implementation plan; Implementation of plan.]
3. Legislation
As dictated by the Municipal Corporate Governance of ICT Policy (Figure 1: A), multiple best
practices, standards and legislation were used in order to draft this Charter.
3.1. External Inputs
1. ISO/IEC 38500 standard
2. King Code
3. COBIT processes
3.2. Legislation
1. Municipal Systems Act 2000 (Act 32 of 2000)
2. Municipal Finance Management Act 2003 (Act 56 of 2003)
These best practices, standards and legislation form the basis of the structures needed in order
to implement the Corporate Governance of ICT.
4. Scope
This Charter for Corporate Governance of ICT (Figure 1: B) is applicable to Bitou Municipality
collectively, as stated in the approved Municipal Corporate Governance of ICT Policy (Figure
1: A). The Executive Authority, Accounting Officer and Executive Management are important
driving factors in this regard. This Charter is the mandate on how the Governance of ICT will
be established in Bitou Municipality.
5. Key Elements
5.1. King Principles
1. The Municipal Council of local government should be responsible for Information
Communication Technology (ICT) Governance.
The King Code recommends that strategic management (the Municipal Council in this case)
should establish an ICT Charter (Figure 1: B). Furthermore, this ICT Charter should outline the
decision-making rights and accountability framework for the Governance of ICT that would
enable the desirable culture in the use of ICT within the municipality.
The COBIT key elements support the above-mentioned King Code.
5.2. COBIT Key Elements
1. Strategic alignment focuses on ensuring the linkage of business and ICT plans,
defining, maintaining and validating the ICT value proposition, and aligning ICT
operations with enterprise operations.
2. Value delivery is about executing the value proposition throughout the delivery cycle,
ensuring that ICT delivers the promised benefits against the strategy, concentrating on
optimising costs and proving the intrinsic value of ICT.
3. Resource management is about the optimal investment in, and the proper
management of, critical ICT resources: applications, information, infrastructure and
people. Key issues relate to the optimisation of knowledge and infrastructure.
4. Risk management requires risk awareness by senior organisational officers, a clear
understanding of the enterprise’s appetite for risk, understanding of compliance
requirements, transparency about the significant risks to the enterprise and embedding
of risk management responsibilities into the organisation.
5. Performance measurement tracks and monitors strategy implementation, project
completion, resource usage, process performance and service delivery, using, for
example, balanced scorecards that translate strategy into action to achieve goals
measurable beyond conventional accounting.
Based on the above-mentioned key elements, the objectives of this Charter can clearly be
defined below.
6. Objectives of Charter
As dictated by the Municipal Corporate Governance of ICT Policy (Figure 1: A), the objectives
of the Charter (Figure 1: B) are as follows:
A. To identify and establish a Corporate Governance of ICT Policy (Figure 1: A) and
implementation guideline for the municipality;
B. To embed the Corporate Governance of ICT as a subset of the municipal
governance objectives.
C. Create municipal value through ICT enablement by ensuring municipal IDP and
ICT strategic alignment;
D. Provide relevant ICT resources, organisational structure, capacity and capability
to enable ICT service delivery;
E. Achieve and monitor ICT service delivery performance and conformance to
relevant internal and external policies, frameworks, laws, regulations, standards
and practices;
F. Implement the governance of ICT in the municipality, based on an approved
implementation plan (Figure 1: C).
Regarding the above-mentioned objectives, certain structures need to be in place
in order to address each objective. These structures need to be in place
7. Structures, Functions, Roles and Responsibilities
The Charter outlines the decision making rights and accountability of ICT governance that will
enable the desirable culture in the use of ICT within the municipality. This is achieved by
requiring ICT management to provide timely information to comply with direction given by
Municipal Council and to conform to the principles of good governance.
7.1. Structures
Specific structures should be established to give effect to the Governance of ICT, and the
management of ICT functions.
7.1.1. High Level Structure
The Corporate Governance of ICT has three tiers, and each tier has a process for decisions
and reporting, as listed in Table 1.
Structure | Position | Responsibility | Process
Executive Authority Level | Mayor/Council and Municipal Manager | Direct and Monitor the Performance of ICT | Municipal Council Meetings
Tactical Management | Municipal Manager/HODs/Assigned councillors | Supervise, check and act to effectively leverage ICT resources | ICT Steering committee/Head of Department Meetings
Process Level | Manager: ICT/ICT department | Activities are performed, controlled and checked in alignment with business objectives | Day to day processes
Table 1: Three-Tiered Structure
Other structures should also be established that could support the three-tiered structure.
Figure 2: Structure – Charter Directive
7.1.2. Other Structures
7.1.3. The Municipal Council
The Municipal Council must provide political leadership and strategic direction through:
- Determining policy and providing oversight;
- Take an interest in the Corporate Governance of ICT to the extent
  necessary to ensure that a properly established and functioning Corporate
  Governance of ICT system is in place in the municipality to leverage ICT
  as an enabler of the municipal IDP;
- Assist the Municipal Manager to deal with intergovernmental, political and
  other ICT-related Municipal issues beyond their direct control and
  influence; and
- Ensuring that the municipality’s organisational structure makes provision
  for the Corporate Governance of ICT.
7.1.4. The Municipal Manager
The Municipal Manager must provide strategic leadership and management of ICT
through:
- Ensuring alignment of the ICT strategic plan with the municipal IDP;
- Ensuring that the Corporate Governance of ICT is placed on the
  municipality’s strategic agenda;
- Ensuring that the Corporate Governance of ICT Policy Framework, and
  related policies for the institutionalisation of the Corporate Governance of
  ICT are developed and implemented by management;
- Determining the delegation of authority, personal responsibilities and
  accountability to the Management with regards to the Corporate
  Governance of ICT;
- Ensuring the realisation of municipality-wide value through ICT service
  delivery and management of Municipal and ICT-related risks;
- Ensuring that appropriate ICT capability and capacity are provided and a
  suitably qualified and experienced Governance Champion is designated;
- Ensuring that appropriate ICT capacity and capability are provided and
  that a designated official at a Management level takes accountability for
  the Management of ICT in the municipality; and
- Ensuring the monitoring and evaluation of the effectiveness of the
  Corporate Governance of ICT system e.g. ICT steering committee.
7.1.5. Municipal ICT Steering Committee
- The establishment of an appropriate ICT Steering Committee will ensure
  that the application, management and review of the organisation’s ICT
  strategies and plans are consistent with the goals and objectives of the
  organisation and will ensure that the department complies with legislation.
- The ICT Steering Committee will advise management on all matters
  related to ICT.
7.1.6. Municipal Risk Committee
- The establishment or use of an appropriate Municipal Risk Committee will
  accept the responsibility to perform an oversight role for the identification
  and mitigation of ICT-related risks.
- The Municipal Risk Committee will assist management in carrying out the
  Corporate Governance of ICT accountabilities and responsibilities.
7.1.7. Audit Committee
- The use of the established and appropriate Audit Committee will accept
  the responsibility to perform management of ICT audit and governance
  compliance.
- The Audit and Audit Performance Committee will assist management in
  carrying out the Corporate Governance of ICT accountabilities and
  responsibilities.
7.1.8. Management
Management must ensure that:
- ICT strategic goals are aligned with the municipality’s strategic goals and
  support the municipal processes;
- Municipal-related ICT strategic goals are cascaded throughout the
  municipality for implementation and are reported on.
Specific policies and plans need to be established to support the mentioned structures.
7.1.9. Established Policies and Plans
Policy Plan | Owner | Approval
1. Corporate Governance of ICT Policy | Municipal Manager | Council
2. Corporate Governance of ICT Charter | Municipal Manager | Council
3. ICT Steering Committee Charter | Municipal Manager | ICT Steering Committee
Operational Policy | Owner | Approval
4. ICT Disaster Recovery Policy | ICT | Council
5. ICT Data Backup and Recovery policy | ICT | Council
6. ICT Operating Security Control Policy | ICT | Council
7. ICT Security Control Policy | ICT | Council
8. ICT User Access Management policy | ICT | Council
Policy Plan | Owner | Approval
9. ICT Service Level Agreement and Contract Management | ICT | ICT Steering Committee
10. ICT Enterprise Architecture | ICT | ICT Steering Committee
11. ICT Disaster Recovery Plan | ICT | ICT Steering Committee
12. ICT Strategy Plan | ICT | ICT Steering Committee
13. Risk Management Policy | Internal Audit | Council
14. Internal Audit Plan | Internal Audit | Audit Committee
According to the Municipal Corporate Governance of ICT Policy (Figure 1: A), the above
mentioned structures, including established policies and plans, should be established in order
to complete the phases of Corporate Governance of ICT.
7.2. Functions, Roles and Responsibilities
According to the Municipal Corporate Governance of ICT Policy (Figure 1: A), specific
functions, roles and responsibilities should exist, regarding the established structures.
These functions, roles and responsibilities are addressed in this Charter (Figure 1: C).
7.3. Members
Regarding the structures previously mentioned, specific members need to form part of each
structure. The ICT Steering Committee Charter addresses the members of each structure.
All mentioned structures, functions, roles and responsibilities are important to give effect to the
Governance of ICT.
8. Framework Policies and Guidelines
Corporate Governance of ICT is a collection of various documents and policies which guide
council in decision making, monitoring risks and performance. These are required to ensure
that status quo, business direction and management procedures are documented and
available. The following policies and documents are required to ensure the governance of ICT
and are linked to this Charter document:
Policy: Corporate Governance of ICT Charter (This Document) (Figure 1: B)
Requirements:
- Accountability of allocated to departments
- Business and ICT structures defined
- Business and ICT role and responsibilities defined
- Business and ICT decision making powers defined
- Business and ICT delegations allocated
Policy: ICT Plan (ICT strategy/ /ICT Book of standards) (Figure 1: c)
Requirements:
- Mapping of elements of information plan in ICT plan
- Departmental business assurance that ICT understands the business and its processes
- Business service delivery and ICT alignment
- Current and future ICT status: skills, structure and policies
- Multi-year high level ICT implementation roadmap
Policy: ICT Operational Manual
Requirements:
- Owned and developed by IT but executive management must ensure it is aligned to business
- ICT operational policies
- IT assets, resources, capacity and capability optimised
- Applications, information and technology use and management
- Management of ICT related business risk
Policy: Continuous Improvement Roadmap
Requirements:
- Policies revised at least every 3 years (developed by business on a strategic level and IT department on an operational level)
- ICT Strategic Plan
- Roadmap linked to Annual Performance Plans to improve and functionality of:
  - CGICT system
  - Business and ICT service delivery alignment
  - Business management of ICT
  - Governance of and management of ICT
Table 4: Framework Policies and Guidelines
9. Evaluation and Review
The review of policies, procedures and charters ensures adaptation to new legislation, to
executive decision-making platforms that may change and to the maturing of ICT governance.
Associated Policies must be reviewed or revised.
The policies and charters must be developed or reviewed by management on a strategic level
and IT department on an operational level. This process must be linked to the Improvement
Roadmap and Annual Performance Plans.
The Executive Authority Level and Executive Management give their full support for
determining the required processes needed for Corporate Governance of ICT, as well as the
implementation thereof, as far as possible from an administrative and financial capability.